CVE-2011-1949: Plone Cross-site Scripting vulnerability

July 23, 2018 (updated October 11, 2024)

Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.

References

exchange.xforce.ibmcloud.com/vulnerabilities/67694
github.com/advisories/GHSA-h6hq-c896-w882
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml
nvd.nist.gov/vuln/detail/CVE-2011-1949

Detect and mitigate CVE-2011-1949 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →